Teal overlay

GDPR – Time for action - 1

A new regulation relating to data that can be used to identify an individual comes into force in May next year. All customer organisations need to be aware of the rules or risk huge penalties – and where there is risk, there is opportunity. In this special feature, we look at the essentials of GDPR and how resellers can help customers address the challenge and turn it into an opportunity.

General Data Protection Regulation (GDPR) is coming and it can’t be avoided or ignored. After 25 May 2018 organisations that don’t know what personal data they hold, or don’t do enough to protect it, face potential fines of up to 4% of their turnover, or €20 million.

According to Milton Stephenson, Mobility Specialist in the TD SYNNEX Advanced Solutions Security Practice, many resellers are still not aware of the importance of GDPR and how it might affect their customers.

‘Amongst both resellers and customers, there is very little understanding about what GDPR is, what it means and what is required’, he said. ‘This is a compelling event with a fixed date, after which you will be liable to substantial fines if you don’t meet the requirements. Businesses will need to show that they know what information they’ve got and are protecting data sufficiently.’


‘Denial of Service Week’

Under GDPR, the regulator and individual citizens will be entitled to ask organisations what information is being held – and every business or entity will be expected to respond swiftly and appropriately. ‘One of the concerns is that come 25 May 2018, there will be thousands of requests being made by members of the public’ said Stephenson. ‘In security circles, we are calling it “Denial of Service Week” because we believe some organisations will be totally swamped by requests, to which they will have to respond within a set period.’

This could be a major challenge for a large business or a council, for example, but any business that stores sensitive information about any individual needs to be aware of GDPR and take action to ensure they meet its requirements.

Organisations with 250 employees or more must appoint a Data Protection Officer (DPO) who is responsible for ensuring that personal data is collected and secured responsibly. Businesses with 250 staff will also need to adhere to GDPR if any of the data they hold or process could lead to the rights and freedoms of individuals being put at risk. This basically means if the data could be used to identify them, such as a national insurance number, a person’s bank account details and home address. This is information that’s stored in any payroll system.


What’s the opportunity?

The opportunity for resellers with GDPR will be in helping customers ensure that they know what personal data they hold on individuals, and that it is adequately protected.

‘Discovery is the first stage’ said Stephenson. ‘They need to know what data they have got and there will be structured and unstructured data in most organisations. The structured data resides in databases and spreadsheets and most companies know exactly what they store in these applications and files, and what they do with that data as well. Then there is unstructured data – and that’s everything from email, documents in people’s home directory or in the cloud – and that’s the data that’s more likely to be exposed. GDPR states that you must know what data you’ve got.’

This stage is likely to involve some consultancy, but there are various vendor tools that can be used to help customers discover exactly what data they have in structured and unstructured forms. IBM, McAfee and Symantec are all providing GDPR discovery software.

Positive side-effects

Stephenson pointed out that by discovering and defining what data they have, customers can also gain some advantage by getting a better insight on their own business and customers. This could also lead to sales of business analytics solutions. There is already a lot of interest in this area.

Once discovered, data needs to be classified. This should be straightforward enough and once again the vendor tools will help, as will the expertise and support of the Azlan Security Practice.

The data then needs to be secured and this will extend the opportunity considerably for resellers. Ensuring security of data will probably mean the use of encryption and containerisation of data in most cases. But customers will also need to ensure that they have good all-round security and appropriate digital security policies.

Best practice

‘We do in the end, go back to best practice. A lot of the leaks you hear about are down to best practice not being followed anyway’, said Stephenson. With the additional threats of ransomware and other malware now very apparent, this will make perfect sense to customers. Once again, he noted, Azlan and its Security Practice and established vendor partnerships, will be able to assist with any aspect of customer needs assessment and solution delivery.

For many resellers, the true benefit of GDPR may be in finally convincing their customers to commit to investing more in digital security. This is an opportunity that all resellers can take advantage of, said Stephenson, as most end-user customers will need to ensure that they are not at risk from the draconian fines that can be imposed under GDPR. Even if they don’t hold personal information and need to conform, they will need protection from ransomware and other threats.

How to approach customers on GDPR

It will be important, said Stephenson, for resellers to demonstrate they have adequate knowledge, as they will need to articulate the whole GDPR story convincingly.

While some resellers have their own specialist consultants, across the wider channel there is a shortage of digital security experts. While vendors have a higher level of knowledge on GDPR, they will want to make sure these resources are used in the most effective way over the next ten months. For most resellers, the fastest way to address any opportunities will be to bring in an expert from TD SYNNEX Advanced Solutions to start with, said Stephenson.

‘Most resellers are not going to be able to do it by themselves. We can come and help you qualify and quantify it to the next level – and get it to the point where we can then get the vendor involved and interested in supporting you and allocating some resources.’

What next?

Stephenson thinks that the relatively low level of activity amongst resellers on GDPR to date is down to a large part of their general lack of security expertise. One way of addressing that is to work with TD SYNNEX Advanced Solutions to gain an understanding of the issue and on formulating a go-to-market plan.

TD SYNNEX Advanced Solutions has already hosted one seminar event on GDPR, with expert contributions from IBM, McAfee and Symantec, and expects to organise more over the coming weeks. Any reseller interested in attending one of these events should CLICK TO EMAIL

As well as attending one of the TD SYNNEX Advanced Solutions seminars, any reseller that wants to get up to speed in GDPR and the security solutions that can be applied, should contact the Security Practice by calling 08453 563 033 or CLICK TO EMAIL

CONTINUE TO PART 2

Back to Top